CVE-2014-6322Improper Input Validation in Microsoft Windows Server 2008

CWE-20Improper Input Validation8 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
6.8%
top 8.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedNov 11
Latest updateMay 14

Description

The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-m8cg-423w-qg9g: The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 82022-05-14
Project0
Windows 10^H^H Symbolic Link Mitigations - Project Zero2015-08-01
VulnCheck
Microsoft Windows Improper Input Validation2014

🕵️Threat Intelligence

4
Unit42
The Old and New: Current Trends in Web-based Threats2018-06-20
Unit42
The Old and New: Current Trends in Web-based Threats2018-06-20
Talos
Microsoft Update Tuesday November 2014: Fixes for 3 0-day Vulnerabilities2014-11-11
Talos
Microsoft Update Tuesday November 2014: Fixes for 3 0-day Vulnerabilities2014-11-11